The U.K. Financial Conduct Authority has launched a consultation on its approach to implementing Regulatory Technical Standards and related Guidelines developed by the European Banking Authority to supplement provisions of the revised Payment Services Directive. The FCA's consultation focuses in particular on the RTS for strong customer authentication and common and secure open standards of communication. These RTS impose obligations on payment service providers to increase the security of customers' payments made by card and other means and also set out requirements on account servicing payment service providers (ASPSPs) relating to the third party providers of Account Information Services (AIS) and Payment Initiation Services (PIS) that were brought within the regulatory regime by PSD2.

The consultation includes proposals on new fraud reporting requirements reflecting PSD2 fraud reporting guidelines published by the EBA in July 2018. The FCA is also consulting on proposed changes to its Payment Services and E-Money Approach Document to reflect other legislative changes and clarify its expectations.

The EBA consulted between June and August 2018 on proposed Guidelines on aspects of the RTS. The FCA's proposed implementation approach is premised on the assumption that the final Guidelines will be largely as consulted on and the FCA will adjust its approach if necessary when the finalized Guidelines are published.

The RTS on strong customer authentication and common and secure open standards of communication are set out in Commission Delegated Regulation (EU) 2018/389, which will apply directly across the EU mainly from September 14, 2019. The RTS specify how third party providers (that is, AIS providers, PIS providers and payment service providers issuing card-based instruments) can connect securely with customers' banks or other providers to provide their services. The RTS require that ASPSPs must either: (i) give third party providers access to the same interfaces used for authentication of and communication with the ASPSP's payment services users; or (ii) provide access by means of a dedicated interface.

When they provide a dedicated interface, ASPSPs are required to put in place contingency plans to address any unplanned unavailability of that interface, such as systems failure. In order to obtain exemption from this contingency requirement, an ASPSP must provide a dedicated interface that meets each of several conditions prescribed in the RTS and must provide evidence of its compliance with the conditions to its national regulator. The national regulator can then allow the exemption after consultation with the EBA. The EBA will be finalizing its Guidelines designed to clarify the conditions and the factors that national regulators should consider to determine whether an ASPSP qualifies for the exemption.

The proposals in the FCA's consultation paper will apply to PSPs, including banks, building societies, e-money issuers, payment institutions, registered AIS providers and PIS providers.

Comments on the consultation are invited by October 12, 2018. Subject to the outcome of the consultation, the FCA will accept applications from ASPSPs for exemption from the contingency obligation from January 2019. Exemption requests should be submitted by June 14, 2019 if exemption is sought by September 14, 2019. The procedure for making an exemption application is set out in an annex to the consultation paper.

These publications are only intended to be a general discussion of the topics covered and should not be construed as legal advice. We would be pleased to provide additional details or advice about specific situations.